From 7877a98bd9c00db5e81dd2f8c734cba2bab20be7 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 12 Aug 2022 09:26:17 +0200
Subject: Merging upstream version 1.36.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 aclk/aclk_otp.c | 48 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 39 insertions(+), 9 deletions(-)

(limited to 'aclk/aclk_otp.c')

diff --git a/aclk/aclk_otp.c b/aclk/aclk_otp.c
index c99c65637..b7bf173c4 100644
--- a/aclk/aclk_otp.c
+++ b/aclk/aclk_otp.c
@@ -446,11 +446,37 @@ cleanup_buffers:
     return rc;
 }
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+static int private_decrypt(EVP_PKEY *p_key, unsigned char * enc_data, int data_len, unsigned char **decrypted)
+#else
 static int private_decrypt(RSA *p_key, unsigned char * enc_data, int data_len, unsigned char **decrypted)
+#endif
 {
+    int result;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+    size_t outlen = EVP_PKEY_size(p_key);
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(p_key, NULL);
+    if (!ctx)
+        return 1;
+
+    if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        return 1;
+
+    if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+        return 1;
+
+    *decrypted = mallocz(outlen);
+
+    if (EVP_PKEY_decrypt(ctx, *decrypted, &outlen, enc_data, data_len) == 1)
+        result = (int) outlen;
+    else
+        result = -1;
+#else
     *decrypted = mallocz(RSA_size(p_key));
-    int result = RSA_private_decrypt(data_len, enc_data, *decrypted, p_key, RSA_PKCS1_OAEP_PADDING);
-    if (result == -1) {
+    result = RSA_private_decrypt(data_len, enc_data, *decrypted, p_key, RSA_PKCS1_OAEP_PADDING);
+#endif
+    if (result == -1)
+    {
         char err[512];
         ERR_error_string_n(ERR_get_error(), err, sizeof(err));
         error("Decryption of the challenge failed: %s", err);
@@ -458,12 +484,16 @@ static int private_decrypt(RSA *p_key, unsigned char * enc_data, int data_len, u
     return result;
 }
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+int aclk_get_mqtt_otp(EVP_PKEY *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_pass, url_t *target)
+#else
 int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_pass, url_t *target)
+#endif
 {
     unsigned char *challenge;
     int challenge_bytes;
 
-    char *agent_id = is_agent_claimed();
+    char *agent_id = get_agent_claimid();
     if (agent_id == NULL) {
         error("Agent was not claimed - cannot perform challenge/response");
         return 1;
@@ -806,7 +836,7 @@ int aclk_get_env(aclk_env_t *env, const char* aclk_hostname, int aclk_port) {
 
     req.request_type = HTTP_REQ_GET;
 
-    char *agent_id = is_agent_claimed();
+    char *agent_id = get_agent_claimid();
     if (agent_id == NULL)
     {
         error("Agent was not claimed - cannot perform challenge/response");
@@ -814,11 +844,11 @@ int aclk_get_env(aclk_env_t *env, const char* aclk_hostname, int aclk_port) {
         return 1;
     }
 
-#ifdef ENABLE_NEW_CLOUD_PROTOCOL
-    buffer_sprintf(buf, "/api/v1/env?v=%s&cap=json,proto&claim_id=%s", &(VERSION[1]) /* skip 'v' at beginning */, agent_id);
-#else
-    buffer_sprintf(buf, "/api/v1/env?v=%s&cap=json&claim_id=%s", &(VERSION[1]) /* skip 'v' at beginning */, agent_id);
-#endif
+    if (rrdcontext_enabled)
+        buffer_sprintf(buf, "/api/v1/env?v=%s&cap=proto,ctx&claim_id=%s", &(VERSION[1]) /* skip 'v' at beginning */, agent_id);
+    else
+        buffer_sprintf(buf, "/api/v1/env?v=%s&cap=proto&claim_id=%s", &(VERSION[1]) /* skip 'v' at beginning */, agent_id);
+
     freez(agent_id);
 
     req.host = (char*)aclk_hostname;
-- 
cgit v1.2.3